wordpress POST xmlrpc.php WTF ?

WordPress is widespread because it is such a good blogging platform, CMS, DMS and you-name-it. Unfortunately it means that it becomes the target of many spam and DoS attacks.

The one that is steaming right now it the one that fills your logs with this:
93.174.93.204 wp.libpf.com - [04/Sep/2014:07:33:30 +0000] "POST /xmlrpc.php HTTP/1.0" 403 345 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
212.79.108.47 wp.libpf.com - [04/Sep/2014:07:34:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 345 "-" "-"
...

To block it, add this to your lighttpd.conf:
url.access-deny = ( "~", ".inc", "xmlrpc.php" )

and restart it:
service lighttpd restart

pixelstats trackingpixel
Posted in Uncategorized | Leave a comment

Automated bug finding with git bisect and boost::test

Here we use boost::test to write test programs for our C++ code, and git as a distributed version control system to track revisions.

One day a test that used to pass stopped working so I decided to try git-bisect to identify the commit  that broke the test. This took me along a journey of shell scripting and git magic that I’d like to share.

First I chdir’d to /tmp and cloned the repo:
cd /tmp
git clone ~/my_repo
cd my_repo

Then I created a shell script that builds the test and runs it, and placed it in the root of the git repository. This is the script, aptly called my_script:
#!/bin/sh
rm -rf bin
cd src
bjam release -j3
cd ../test
bjam release TestModel -j3
cd ..
bin/test/gcc-4.9/release/TestModel --build_info=yes --log_level=test_suite --report_level=detailed
OUT=$?
if [ $OUT -eq 0 ];then
exit 0
else
exit 1
fi

The shell script checks the exit code of the boost::test executable, and if that is different from zero (some tests failed) it returns 1, or 0 if all is OK. This is based on the magic shell variable $? that returns the exit code of the last run command – a trick I always forget and that seems so difficult to find with a search engine.

Now I make the script executable:
chmod u+x my_script

Then I test it here where I am (the HEAD):
./my_script
echo $?

This returns 1, so the test is failing. Now we can start the git-bisect journey:
git bisect reset
git bisect start
git bisect bad

Next we look for a previous commit where the test used to pass; let’s rewind by 20 commits and try there:
git checkout HEAD~20
./my_script
echo $?

Now this passes, so let’s get back to HEAD and find the corresponding commit:
git checkout master
git log --pretty=oneline | head -n 21

The HEAD~20 has a hash of f6aabbe80766a9745447214a89c513de29cbbe70 so let’s mark that as a good one:
git bisect good f6aabbe80766a9745447214a89c513de29cbbe70

and now we’re ready to start:
git bisect run ./my_script

after some time git-bisect returns with:
3c9b0231c2dbef5a7c6a490c877116e2c5bd89c2 is the first bad commit

Done !

pixelstats trackingpixel
Posted in Howtos | Leave a comment

Third LIBPF app preview

This time we have dynamic pages and you can switch between 4 pseudo-servers (switching server changes the app skin). But of course no server is running yet so it’s all fakes (there is a fruit salat configurator you can play around with).

Here is a group photo of the app on our test gizmos:

app on gizmosFor a hands-on session straight into your own device, try this link.

pixelstats trackingpixel
Posted in UI | Leave a comment

Using jshint on debian testing

tl;dr: If you wish to use jshint on debian testing (jessie), do this:

sudo apt-get update
sudo apt-get install nodejs nodejs-legacy
sudo npm install jshint -g
jshint

Long story: this is difficult to get right if you read random posts around. There are flamewars from 2012 about node-js package being obsolete in Debian (not true as of today) and WNPP for jshint is stuck because the package contains some code licensed with a variant of the MIT license considered un-kosher by debian (still true).

pixelstats trackingpixel
Posted in Howtos | Leave a comment

Second LIBPF app preview

Hey we’re still in the early prototyping phase – it’s all static pages – but you asked for it, so here it is on the XCode simulator (iPhone 3.5 retina):

Random screenshots:

03
00
02
01For a hands-on session straight into your own device, try this link.

pixelstats trackingpixel
Posted in UI | Leave a comment

First try at webapp integration testing with capybara on debian

Capybara looks like a promising tecnology for integration testing of web applications, so we decided to give it a try on debian jessie workstation.

There are some howtos around based on rails or other ruby-specific stuff, but what is required for a first try (see KISS phylosophy = Keep it Simple Stupid) is to run one test interactively with irb (the Interactive Ruby Shell).
There is a ruby-capybara debian package, but it only comes with rack_test driver. It looks tricky to configure with other drivers, as per Debian Bug report #705739; also its popcon data with 9 submitters suggest it may not trendy.

The RubyGems package manager seems to do the job better, so let’s remove the ruby-capybara package, install ruby-dev (for the header files to compile ruby extensions)  and launch gem for capybara and the selenium webdriver:

sudo apt-get remove ruby-capybara
sudo apt-get install ruby-dev
sudo gem install capybara
sudo gem install selenium-webdriver

Now start irb and try this:

require 'capybara/dsl'
Capybara.default_driver = :selenium
Capybara.app_host = 'http://bing.com'
Capybara.default_wait_time = 15
Capybara.visit '/'
Capybara.fill_in 'sb_form_q', :with => 'simevo'
Capybara.find('#sb_form_go').click

Mandatory screenshot:

capybara

pixelstats trackingpixel
Posted in Howtos, UI, Uncategorized | Leave a comment

LIBPF app preview

Work is underway to create a LIBPF mobile app. At the moment we have the storyboard:

P1100260and a very early prototype of the main page:

pixelstats trackingpixel
Posted in Uncategorized | Leave a comment

New LIBPF.com headquarters

Starting today LIBPF is temporarily based c/o Faktory Basement, a multi-purpose facility (club, music reharsal / recording and coworking) located in the now abandoned chemical site of Châtillon / Montefibre.

Nothing more adequate to the topic of process simulation than a post-industrial site !

Here are some snapshots:

Whole building viewEntranceThe roomThe coworkers

 

 

 

pixelstats trackingpixel
Posted in Uncategorized | Leave a comment

Debian Wheezy with KDE

The right way to install KDE on Debian Wheezy is to start the right installer by choosing “KDE desktop” under Alternate Desktop Environments under Advanced Options in the CD boot menu.
If you haven’t done that, you’ll end with Gnome. In this case here is the cure:

sudo apt-get autoremove --purge gnome*
sudo apt-get install kde-standard
pixelstats trackingpixel
Posted in Howtos, Uncategorized | Leave a comment

Apple OS X virtualization with VirtualBox

A long time ago virtualizing Apple OS X was forbidden by the End User License Agreement, with the exception of Server versions of the operating system. Consequently Oracle (the maintainer of VirtualBox) was not very supportive, and many replies on the end user forum for VirtualBox still point to the then default answer.

Countless hackers spent endless nights to work around this issue, and thousands of posts offer tricks and step-by-step guides that are now mostly obsolete. Also, many of these refer to the process of virtualizing OS X on non-Apple hardware, which is illegal (so called “hackintosh”).

Two years ago, with OS X Lion (10.7) Apple started allowing users to run up to two additional instances of OS X on the same machine without a need for extra licenses. It took some time to the VirtualBox developers to pick up this fact and enhance their support for OS X guests, but with VirtualBox 4.3 released on October 15th, 2013 things start to be useable.

More precisely the following is a report on running Apple Max OS X 10.7, 10.8 and 10.9 as guests under VirtualBox 4.3.2 on a 10.7 host.

To create 10.7 and 10.8 guests, you need to extract the InstallESD.dmg from the restore image or from the installer downloaded from the iTunes store. There are step-by-step guides around to do that. You do not need to patch the InstallESD.dmg in any way.

Just go ahead and create a new VM with the correct OS type (i.e. Mac OS X) and version (i.e. Mac OS X 10.7 Lion (64 bit) or Mac OS X 10.8 Mountain Lion (64 bit)). Pick up all the default options or change RAM and disk sizes, then attach the InstallESD.dmg file to the VM’s CD/DVD.

Before you launch it, if you like you can prepare for setting the VM screen resolution to 1440×900 by executing these commands in a terminal of the host:

VBoxManage setextradata "OSX_108" "CustomVideoMode1" "1440x900x32
VBoxManage setextradata "OSX_108" "GUI/CustomVideoMode1" "1440x900x32"
VBoxManage setextradata "OSX_108" VBoxInternal2/EfiGopMode 4
VBoxManage setextradata "OSX_108" VBoxInternal2/UgaHorizontalResolution 1440
VBoxManage setextradata "OSX_108" VBoxInternal2/UgaVerticalResolution 900

(these may well be quite redundant but they’re guaranteed to work).

The install process should be slower than on bare metal, but smooth with the exception of some occasional hangs on booting (just kill the VM and retry).

When you are done, remember to turn off energy saving (set timeout to “Never”) in the system preferences as recommended here.

To complete the procedure for setting the VM screen resolution to 1440×900, execute the command:

sudo vi /Library/Preferences/SystemConfiguration/com.apple.Boot.plist

in the guest operating system, and inside the

<dict>
...
</dict>

section insert:

<key>Graphics Mode</key>
<string>1920x1080x32</string>
<key>Kernel Flags</key>
<string>"Graphics Mode"="1920x1080x32"</string>

The matter with 10.9 is different because VirtualBox does not seem to be able to start the VM from the unpatched InstallESD.dmg, even if the correct OS version is chosen (Mac OS X 10.9 Mavericks (64 bit)). The method I used was to clone a 10.8 VM and launch the installer from there.

Mandatory screenshot:

bbb

pixelstats trackingpixel
Posted in Howtos, Uncategorized | Leave a comment